Attack of the killer script kiddies

For decades, this type of no-skill hacker, known as a script kiddie, has wreaked havoc, running scripts they ripped from the ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
Axios on MSN

Faster attacks, quicker exploits: Early testers of new AI models warn of their new abilities

The real leap in Anthropic's and OpenAI's latest cyber-capable models isn't that they can hack in entirely new ways, but that ...

Malware campaign lures users with fake Windows Update website

Malwarebytes recently uncovered a new malicious campaign targeting the Windows Update service. Focused on French-speaking users, the campaign uses layered obfuscation techniques to deliver multiple ...
Geopolitical Monitor

Distributed Risk: Open-Source Software as Strategic Infrastructure

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, opening up new strategic vulnerabilities and new pathways to geopolitical ...
Morning Overview on MSN

North Korea-linked hackers used fake Teams updates to hit Axios npm

Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware disguised as a Microsoft Teams error fix, turning one of the most popular ...
PC World

Security expert publishes Windows exploit after Microsoft went silent

PCWorld reports on the ‘BlueHammer’ zero-day vulnerability that allows attackers to potentially take over Windows computers through privilege escalation. A frustrated security researcher published the ...
ZDNet

Google's Gemma 4 model goes fully open-source and unlocks powerful local AI - even on phones

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
Bleeping Computer

Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime

Fraud operations have expanded beyond traditional hacking techniques to include methods that exploit legitimate services and real-world infrastructure. By combining publicly available data, weak ...
MacRumors

Apple to Issue Rare iOS 18 Software Update for DarkSword Exploit

Apple on Wednesday will issue software updates to devices still running iOS 18 to protect them from an exploit called DarkSword, which can silently take over an iPhone if it visits a website infected ...
TechCrunch

North Korean hackers blamed for hijacking popular Axios open source project to spread malware

A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised. On ...